commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Gregory <garydgreg...@gmail.com>
Subject Re: [dbutils] sign-artifacts hangs during release:prepare
Date Thu, 15 Dec 2011 12:13:49 GMT
On Dec 15, 2011, at 4:42, sebb <sebbaz@gmail.com> wrote:

> On 15 December 2011 03:32, William Speirs <wspeirs@apache.org> wrote:
>> Anyone have any idea on this? Should I be seeing basic auth for my
>> challenge? Where can I set the password as I was never prompted to
>> enter it.
>>
>> At this point, can someone else deploy RC1 while I figure out what is
>> wrong on my end?
>
> I don't use the release plugin so cannot help directly.
>
> You could create the RC tag manually, as described in
>
> http://wiki.apache.org/commons/UsingNexus#Create_the_SVN_tags_.28Manual_method.29
>
> This has the advantage that trunk never loses the SNAPSHOT suffix, and
> you have a clean workspace in which to build the code, and the SVN
> commands are not buried in the Maven invocation.
>
> However, AFAICT dbutils is not currently set up to use Nexus - it's
> not an o.a.c groupId - so you cannot use Nexus to stage and deploy the
> Maven artifacts.

You just need an infra Jira to create the nexus stuff for this group Id.

Gary

>
> Be very careful you don't accidentally deploy the artifacts to the
> live repo before the vote succeeds.
> Sorry, but I don't know how deployment is done without Nexus.
>
>> Thanks...
>>
>> Bill-
>>
>> On Tue, Dec 13, 2011 at 4:32 PM, William Speirs <wspeirs@apache.org> wrote:
>>> First, thank you all again for the help!
>>>
>>> I got past the GPG step, now I'm stuck on password/auth issues now with SVN :-(
>>>
>>> I thought the issue was that my password manager wasn't authed and
>>> that svn was working in a non-interactive mode, so it couldn't get my
>>> password; this was the reason for -r1213934.
>>>
>>> Anyway, output below... any/all ideas welcomed!
>>>
>>> Bill-
>>>
>>> [INFO] Checking in modified POMs...
>>> [INFO] Executing: /bin/sh -c cd
>>> /home/wspeirs/workspace/commons-dbutils && svn --non-interactive
>>> commit --file /tmp/maven-scm-481300763.commit --targets
>>> /tmp/maven-scm-3917786176898805146-targets
>>> [INFO] Working directory: /home/wspeirs/workspace/commons-dbutils
>>> [INFO] ------------------------------------------------------------------------
>>> [ERROR] BUILD FAILURE
>>> [INFO] ------------------------------------------------------------------------
>>> [INFO] Unable to commit files
>>> Provider message:
>>> The svn command failed.
>>> Command output:
>>> svn: Commit failed (details follow):
>>> svn: MKACTIVITY of
>>> '/repos/asf/!svn/act/3b6f8370-abd6-4d88-adeb-7dc981ecd57f':
>>> authorization failed: Could not authenticate to server: rejected Basic
>>> challenge (https://svn.apache.org)
>>>
>>>
>>> On Tue, Dec 13, 2011 at 10:28 AM, sebb <sebbaz@gmail.com> wrote:
>>>> On 13 December 2011 15:19, William Speirs <wspeirs@apache.org> wrote:
>>>>> I will try adding the additional elements:
>>>>>
>>>>> <gpg.secretKeyring>/path/to/secring.gpg</gpg.secretKeyring>
>>>>> <!-- must be on the execution path -->
>>>>> <gpg.executable>gpg2</gpg.executable>
>>>>
>>>> Sorry, should have clarified - the above requires gpg2 to be installed
>>>> and created.
>>>>
>>>> I installed both gpg1 and gpg2, and created gpg1 and gpg2 as copies of
>>>> their respective gpg executables.
>>>> e.g. on Windows copy gpg.exe gpg<n>.exe
>>>>
>>>> Both versions of gpg are on the execution path; running gpg picks the
>>>> first one; running gpg1 or gpg2 picks only that version.
>>>>
>>>> This enables quick swapping between them as required.
>>>>
>>>>> And also try with gpg2.
>>>>>
>>>>> I'll try later today and update.
>>>>>
>>>>> Thanks again for all of the help!
>>>>>
>>>>> Bill-
>>>>>
>>>>> On Tue, Dec 13, 2011 at 9:23 AM, Gary Gregory <garydgregory@gmail.com>
wrote:
>>>>>> FWIW: My set up is such that I always enter my password on the CLI
when
>>>>>> Maven asks for it.
>>>>>>
>>>>>> Gary
>>>>>>
>>>>>> On Tue, Dec 13, 2011 at 9:20 AM, sebb <sebbaz@gmail.com> wrote:
>>>>>>
>>>>>>> On 13 December 2011 13:53, William Speirs <wspeirs@apache.org>
wrote:
>>>>>>>> On Tue, Dec 13, 2011 at 12:16 AM, Gary Gregory <garydgregory@gmail.com>
>>>>>>> wrote:
>>>>>>>>> Did you do the whole master pass phrase/obfuscated stuff
that the top
>>>>>>>>> of the Using Nexus wiki points to?
>>>>>>>>
>>>>>>>> I did not do this at first, but I have since tried. I setup
my
>>>>>>>> settings-security.xml file as show on the wiki page, and
added the
>>>>>>>> encrypted passwords to my settings.xml file. Still doesn't
work.
>>>>>>>>
>>>>>>>> Below is my entire settings.xml file (with passwords removed).
By
>>>>>>>> adding the <mavenExecutorId> element, it will not hang
but prompt me
>>>>>>>> for a password if it's not supplied via <gpg.passphrase>.
However,
>>>>>>>> even when I type my passphrase in, it still rejects it. Again,
if I
>>>>>>>> use gpg -c somefile.txt and type in that same passphrase,
everything
>>>>>>>> works.
>>>>>>>>
>>>>>>>> I'm testing this by running: mvn -Prc,apache package gpg:sign
>>>>>>>
>>>>>>> Not sure what the rc profile does compared with the release profile.
>>>>>>>
>>>>>>> What version of GPG are you using?
>>>>>>>
>>>>>>>
>>>>>>>> And I keep getting:
>>>>>>>>
>>>>>>>> [INFO] [gpg:sign {execution: default-cli}]
>>>>>>>> gpg: skipped "B0EC1E65": bad passphrase
>>>>>>>> gpg: signing failed: bad passphrase
>>>>>>>>
>>>>>>>> I'm at a loss at this point...
>>>>>>>>
>>>>>>>> Bill-
>>>>>>>>
>>>>>>>> * settings.xml *
>>>>>>>>
>>>>>>>> <?xml version="1.0"?>
>>>>>>>> <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
>>>>>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>>>>>> xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
>>>>>>>> http://maven.apache.org/xsd/settings-1.0.0.xsd">
>>>>>>>>  <servers>
>>>>>>>>    <server>
>>>>>>>>      <id>apache.releases</id>
>>>>>>>>      <username>wspeirs</username>
>>>>>>>>      <password>{my encrypted Apache password here}</password>
>>>>>>>>      <filePermissions>664</filePermissions>
>>>>>>>>      <directoryPermissions>775</directoryPermissions>
>>>>>>>>    </server>
>>>>>>>>    <server>
>>>>>>>>      <id>apache.website</id>
>>>>>>>>      <username>wspeirs</username>
>>>>>>>>      <password>{my encrypted Apache password here}</password>
>>>>>>>>      <filePermissions>664</filePermissions>
>>>>>>>>      <directoryPermissions>775</directoryPermissions>
>>>>>>>>    </server>
>>>>>>>>    <server>
>>>>>>>>      <id>apache.snapshots</id>
>>>>>>>>      <username>wspeirs</username>
>>>>>>>>      <password>{my encrypted Apache password here}</password>
>>>>>>>>      <filePermissions>664</filePermissions>
>>>>>>>>      <directoryPermissions>775</directoryPermissions>
>>>>>>>>    </server>
>>>>>>>>  </servers>
>>>>>>>>  <profiles>
>>>>>>>>    <profile>
>>>>>>>>      <id>apache</id>
>>>>>>>>      <activation>
>>>>>>>>        <activeByDefault>false</activeByDefault>
>>>>>>>>      </activation>
>>>>>>>>      <properties>
>>>>>>>>        <mavenExecutorId>forked-path</mavenExecutorId>
>>>>>>>>        <commons.deployment.protocol>scp</commons.deployment.protocol>
>>>>>>>>        <gpg.keyname>B0EC1E65</gpg.keyname>
>>>>>>>>        <gpg.passphrase>{my encrypted GPG password here}</gpg.passphrase>
>>>>>>>>      </properties>
>>>>>>>>    </profile>
>>>>>>>>  </profiles>
>>>>>>>> </settings>
>>>>>>>
>>>>>>> I use an external GPG database (on a USB stick); but for test
purposes
>>>>>>> I have a dummy signing key using a local database.
>>>>>>>
>>>>>>>    <profile>
>>>>>>>      <id>keyTest</id>
>>>>>>>      <properties>
>>>>>>>        <gpg.keyname>Deploy Test User</gpg.keyname>
>>>>>>>        <gpg.passphrase>password in clear</gpg.passphrase>
>>>>>>>        <gpg.useagent>false</gpg.useagent>
>>>>>>>      </properties>
>>>>>>>    </profile>
>>>>>>>
>>>>>>> Here's the real key profile:
>>>>>>>
>>>>>>>    <profile>
>>>>>>>      <id>keyReal</id>
>>>>>>>      <properties>
>>>>>>>        <gpg.keyname>4FAD5F62</gpg.keyname>
>>>>>>>        <gpg.secretKeyring>/path/to/secring.gpg</gpg.secretKeyring>
>>>>>>>       <!-- must be on the execution path -->
>>>>>>>        <gpg.executable>gpg2</gpg.executable>
>>>>>>>        <gpg.useagent>false</gpg.useagent>
>>>>>>>      </properties>
>>>>>>>    </profile>
>>>>>>>
>>>>>>> I found gpg2 worked better for me, but I still use gpg1 sometimes.
>>>>>>>
>>>>>>> The real gpg password is not stored anywhere; I have to enter
it at
>>>>>>> run-time.
>>>>>>>
>>>>>>> For example, if I remove the test password, I see the following:
>>>>>>>
>>>>>>> mvn package gpg:sign -PkeyTest
>>>>>>> ...
>>>>>>> [INFO] [jar:jar {execution: default-jar}]
>>>>>>> [INFO] [jar:test-jar {execution: default}]
>>>>>>> [INFO] [gpg:sign {execution: default-cli}]
>>>>>>> GPG Passphrase: * <= enter the passphrase here.
>>>>>>>
>>>>>>> The same applies to gpg1 and gpg2, but if I use gpg2, I also
get the
>>>>>>> following warnings:
>>>>>>>
>>>>>>> gpg: WARNING: "--no-use-agent" is an obsolete option - it has
no effect
>>>>>>> gpg: WARNING: "--no-use-agent" is an obsolete option - it has
no effect
>>>>>>> gpg: WARNING: "--no-use-agent" is an obsolete option - it has
no effect
>>>>>>>
>>>>>>> The settings-security.xml file is not needed for GPG passwords.
>>>>>>> And I've not tried it.
>>>>>>>
>>>>>>> I suggest you set up a dummy local key and password as per my
example.
>>>>>>> Get that working, then try specifying the secret key ring to
point to
>>>>>>> the dummy key.
>>>>>>> When that works, drop the password.
>>>>>>> Then fix the secret key ring tag to point to your real secret
key ring.
>>>>>>>
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>>>>>>>> For additional commands, e-mail: dev-help@commons.apache.org
>>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>>>>>>> For additional commands, e-mail: dev-help@commons.apache.org
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> E-Mail: garydgregory@gmail.com | ggregory@apache.org
>>>>>> JUnit in Action, 2nd Ed: <http://goog_1249600977>http://bit.ly/ECvg0
>>>>>> Spring Batch in Action: <http://s.apache.org/HOq>http://bit.ly/bqpbCK
>>>>>> Blog: http://garygregory.wordpress.com
>>>>>> Home: http://garygregory.com/
>>>>>> Tweet! http://twitter.com/GaryGregory
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>>>>> For additional commands, e-mail: dev-help@commons.apache.org
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>>>> For additional commands, e-mail: dev-help@commons.apache.org
>>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> For additional commands, e-mail: dev-help@commons.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message